Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

403990C6CB...81.exe

windows7_x64

7

403990C6CB...81.exe

windows10_x64

7

Analysis

  • max time kernel
    137s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    15/08/2021, 17:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    403990C6CBB042F7C1F5E57177272F81.exe

  • Size

    1.3MB

  • MD5

    403990c6cbb042f7c1f5e57177272f81

  • SHA1

    ab9ef44ed7b93ecf7b6c43f23d75a3f2dc9d5a1b

  • SHA256

    42af92e5be37c1daddda7672372a39ccebb24d31d2ea65bec2a74dfbc3a4e82c

  • SHA512

    cb1adffb69f4ff6a62257325504cebc41d22f41910a41eae9c04ec5327da9f58fb652e79b87f580c7ac6f81f27cf2fba77b4fc3947b27dd59ae376f2d7c57ee5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\403990C6CBB042F7C1F5E57177272F81.exe
    "C:\Users\Admin\AppData\Local\Temp\403990C6CBB042F7C1F5E57177272F81.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zmvsznja.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:272
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4339.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4338.tmp"
        3⤵
          PID:280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/272-71-0x0000000002210000-0x0000000002212000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1836-73-0x0000000000AFB000-0x0000000000B1A000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1836-63-0x0000000000AF4000-0x0000000000AF5000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1836-62-0x000007FEF2A20000-0x000007FEF3AB6000-memory.dmp

      Filesize

      16.6MB

      Download

    • memory/1836-72-0x0000000000AF5000-0x0000000000AF6000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1836-60-0x0000000000AF0000-0x0000000000AF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1836-74-0x0000000000B1A000-0x0000000000B1B000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1836-75-0x0000000000B1E000-0x0000000000B1F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1836-76-0x000007FEEDE10000-0x000007FEEF4E3000-memory.dmp

      Filesize

      22.8MB

      Download

    • memory/1836-77-0x0000000000B22000-0x0000000000B23000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1836-78-0x0000000000B21000-0x0000000000B22000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1836-79-0x000007FEECF80000-0x000007FEEDE0F000-memory.dmp

      Filesize

      14.6MB

      Download

    • memory/1836-80-0x0000000000B24000-0x0000000000B25000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1836-81-0x0000000000B29000-0x0000000000B2A000-memory.dmp

      Filesize

      4KB

      Download